Colorful QMail Logging

From QmailToaster

Info from AM (agmsoft@gmail.com) on displaying your Qmail log in color

Add these lines to your /etc/multitail.conf; if the file does not exist, create it.

# QMT COLORS
# QMT: clamd
# Colorscheme for the clamd log window; a multitail window selects it with
# `-cS clamd`. Each rule is cs_re:<color>:<regex>. Comments must stay on their
# own lines: anything after the second colon is part of the regex.
# Coloring is a reading aid only; it does not alert or block anything.
colorscheme:clamd
# Text at line start shaped like "YYYY-MM-DD HH:MM:SS" (any characters are
# accepted in the digit positions) is shown in blue.
cs_re:blue:^....-..-.. ..:..:..
# Every ':' separator is shown in magenta.
cs_re:magenta::
# Scan results are only highlighted on lines containing a /var/qmail/simscan/
# path: ": OK" green, ": <name> FOUND" red (presumably a detection - confirm
# against your clamd output), " ERROR" yellow.
cs_re:green:/var/qmail/simscan/.*(: OK)
cs_re:red:/var/qmail/simscan/.*(: [^ ]* FOUND)
cs_re:yellow:/var/qmail/simscan/.*( ERROR)
#
# QMT: qmail-smtp
# Colorscheme for the smtp and submission log windows; selected with
# `-cS qmail-smtp`. Color specs such as "magenta,,bold" carry a foreground
# color, an empty (default) background and an attribute.
# Most patterns below are unanchored, so they also match when the same text
# shows up inside a remotely supplied field (addresses, host names). Treat the
# color as a reading aid, not as a verdict on the message.
# NOTE(review): rule order may decide which color wins when several rules
# match the same text - keep the order unless you have tested a change.
colorscheme:qmail-smtp
# ':' separators in cyan, leading "YYYY-MM-DD HH:MM:SS"-shaped text in blue.
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
# Direction markers "<=" / "=>" and the token (optionally followed by a
# <...> part) after them.
# NOTE(review): "<=", "=>" and "H=" look like Exim-style log fields; confirm
# they actually occur in your qmail-smtpd log before relying on these rules.
cs_re:magenta,,bold:<=
cs_re:magenta,,bold:=>
cs_re:green,,bold:=> *[^ ]*
cs_re:green:<= *[^ ]*
cs_re:green,,bold:=> *[^ ]* <[^>]*>
cs_re:green:<= *[^ ]* <[^>]*>
cs_re:yellow:H=[^ ]*
# Failures worth a look: recipient verification failures and refused
# connections to a bracketed address.
cs_re:red:verify failed for SMTP recipient.*
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
# Presumably highlights a score written as "<n.nn>/11.00" when it exceeds 5.
# NOTE(review): the quoting around the parentheses is unusual and the '.' in
# the number is unescaped (matches any character) - verify against multitail's
# documented cs_re_val_bigger syntax and a real log line.
cs_re_val_bigger:magenta,,bold:5:'('(-|)([0-9]|)([0-9]).([0-9]|)([0-9])'/'11.00')'
# Red/bold: rejected spam, virus and attachment hits, and a policy file that
# failed to load (a failed policy load deserves follow-up, since the
# policy_check rules below depend on it - presumably; confirm how your
# policy_check behaves on load failure).
cs_re:red,,bold: *[^ ]*SPAM REJECT ([^ ]*).*
cs_re:red,,bold: *[^ ]*:VIRUS:.*
cs_re:red,,bold: *[^ ]*:ATTACH:.*
cs_re:red,,bold: *[^ ]*policy_check: policy_load failed
# White/bold: accepted traffic (relay clients, clean messages, policy allows).
cs_re:white,,bold: *[^ ]*RELAYCLIENT:([^ ]*).*
cs_re:white,,bold: *[^ ]*CLEAN ([^ ]*).*
cs_re:white,,bold: *[^ ]*policy_check: policy allows([^ ]*).*
# Yellow: rejected recipients and policy denials.
cs_re:yellow: *[^ ]*CHKUSER rejected rcpt: ([^ ]*).*
cs_re:yellow,,bold: *[^ ]*policy_check: policy forbid([^ ]*).*
# Magenta: rblsmtpd lines with the address that follows, qmail-smtpd and
# spf-reject lines, and CHKUSER "intrusion" / "relaying" rejections. Repeated
# magenta lines from one source are the ones to correlate when investigating
# abuse.
cs_re:magenta,,bold:rblsmtpd: ([0-9\.]*)
cs_re:magenta,,bold:qmail-smtpd.*
cs_re:magenta,,bold:spf-reject.*
cs_re:magenta: *[^ ]*CHKUSER rejected intrusion: ([^ ]*).*
cs_re:magenta: *[^ ]*CHKUSER rejected relaying: ([^ ]*).*
#
# QMT: qmail-send
# Colorscheme for the qmail-send log window; selected with `-cS qmail-send`.
# Only delivery outcomes are highlighted; every other line keeps the default
# color apart from the timestamp and ':' rules.
colorscheme:qmail-send
# ':' separators in cyan, leading "YYYY-MM-DD HH:MM:SS"-shaped text in blue.
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
# "delivery <id>: <status>:" lines: success white/bold, failure red/bold,
# deferral yellow/bold. The rest of the line after the status is colored too
# (trailing ".*").
cs_re:white,,bold:delivery *[^ ]*: success:.*
cs_re:red,,bold:delivery *[^ ]*: failure:.*
cs_re:yellow,,bold:delivery *[^ ]*: deferral:.*
#
# QMT: SpamAssassin
# Colorscheme for the spamd log window; selected with `-cS qmtspamassassin`.
# cs_re colors the whole match; cs_re_s colors only the parenthesised
# sub-matches (per multitail's configuration documentation - confirm for your
# version).
colorscheme:qmtspamassassin
# ':' separators in magenta, leading "YYYY-MM-DD HH:MM:SS"-shaped text in blue.
cs_re:magenta::
cs_re:blue:^....-..-.. ..:..:..
# Learning failures in yellow.
cs_re:yellow:autolearn=failed
# spamd being killed and shutting down blinks red: while it is down, mail may
# pass unscanned or be deferred, depending on how the scanner is wired in
# (not visible here - check your simscan/spamc configuration).
cs_re:red,,blink:server killed by [^,]*, shutting down
# Verdict lines: the captured fields of "identified spam" (yellow/bold) and
# "clean message" (cyan/bold) lines, then the whole "identified spam" line in
# plain yellow.
cs_re_s:yellow,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re_s:cyan,,bold:clean message ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re:yellow:identified spam [^ ]* for [^ ]* in [^ ]* seconds, [^ ]* bytes.
# The token after "result: Y" (presumably the score - confirm) in yellow/bold.
cs_re_s:yellow,,bold:result: Y ([^ ]*) .*
# Child process start-up: the pid in green/bold, the message text in green.
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
cs_re:green:server successfully spawned child process, pid
# Start of message processing in white/bold.
cs_re:white,,bold:processing message.*
#
# QMT: sophie
# Colorscheme for the sophie log window; selected with `-cS sophie`.
colorscheme:sophie
# ':' separators in cyan, leading "YYYY-MM-DD HH:MM:SS"-shaped text in blue.
cs_re:cyan::
cs_re:blue:^....-..-.. ..:..:..
# NOTICE lines in white/bold.
cs_re:white,,bold:NOTICE *[^ ]*:.*
# Detections ("Virus present", "WARNING ...: Scan result =") in red/bold.
cs_re:red,,bold:Virus present.*
cs_re:red,,bold:WARNING *[^ ]*: Scan result =.*
# Scanner errors in yellow/bold. A scanner that keeps erroring may not be
# scanning mail at all, so these lines deserve follow-up.
# NOTE(review): the rule below ends with a space after ".*". If multitail keeps
# it as part of the regex, the match stops at the last space on the line -
# confirm whether the trailing space is intended.
cs_re:yellow,,bold:WARNING *[^ ]*: error:.* 


This is how I call multitail (you can also put the commands below into a bash script):

Using tail:

# Six-window multitail view of the qmail-toaster logs, each window fed by
# `tail -F ... | tai64nlocal` (follow the "current" file across rotation and
# convert TAI64N stamps to local time). The argument list is built in arrays
# so that each window can carry its own comment; the resulting argv is the
# same as the single-command form.
#
# Operational notes:
#  - The -cS names must match colorscheme names in /etc/multitail.conf.
#  - Each -l string is a command line that multitail executes; keep these
#    literal and never build them from untrusted input.
#  - The logs under /var/log/qmail hold addresses and client IPs; run this
#    from an account that is meant to read them and avoid shared terminals.
#  - -em keeps only lines matching the given patterns and -ev drops matching
#    lines, so the smtp/submission/spamd windows are filtered views, not the
#    complete log.
#  - NOTE(review): -m 0 is believed to remove the scrollback limit; on a busy
#    server a bounded value may be safer - confirm against the multitail
#    manual.
window_opts=(-m 0 -n 49)
smtp_filter=(
  -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:"
  -em "qmail-smtpd: qq hard reject"
)
spamd_filter=(-ev "prefork" -ev "(connection from localhost)")

mt_args=(
  # Options given once, ahead of the first window.
  -Z red,black,inverse -T -S -x "%m %u@%h %f (%t) [%l]"
  # qmail-send: delivery results.
  "${window_opts[@]}" -cS qmail-send
  -l "tail -F -q -c 512000 /var/log/qmail/send/current | tai64nlocal"
  # smtp: filtered to policy, CHKUSER, simscan, rblsmtpd and hard rejects.
  "${window_opts[@]}" -cS qmail-smtp "${smtp_filter[@]}"
  -l "tail -F -q -c 1048000 /var/log/qmail/smtp/current | tai64nlocal"
  # submission: same scheme and filter as smtp.
  "${window_opts[@]}" -cS qmail-smtp "${smtp_filter[@]}"
  -l "tail -F -q -c 1048000 /var/log/qmail/submission/current | tai64nlocal"
  # spamd: prefork and localhost-connection lines are dropped.
  "${window_opts[@]}" -cS qmtspamassassin "${spamd_filter[@]}"
  -l "tail -F -q -c 512000 /var/log/qmail/spamd/current | tai64nlocal"
  # clamd: scan results.
  "${window_opts[@]}" -cS clamd
  -l "tail -F -q -c 512000 /var/log/qmail/clamd/current | tai64nlocal"
  # sophie: scan results.
  "${window_opts[@]}" -cS sophie
  -l "tail -F -q -c 512000 /var/log/qmail/sophie/current | tai64nlocal"
)

multitail "${mt_args[@]}"

Using qmlog (you must have QTP installed)

# Same six-window view, with each window fed by `qmlog -f <service>` instead
# of tail + tai64nlocal (qmlog comes with QTP, as noted above; -f presumably
# follows the log - confirm with qmlog's own help). The argument list is built
# in arrays so that each window can carry its own comment; the resulting argv
# is the same as the single-command form.
#
# Operational notes:
#  - The -cS names must match colorscheme names in /etc/multitail.conf.
#  - Each -l string is a command line that multitail executes; keep these
#    literal and never build them from untrusted input.
#  - -em keeps only lines matching the given patterns and -ev drops matching
#    lines, so the filtered windows are not the complete log.
#  - Only the submission window also selects "spf-reject" lines; the smtp
#    window does not.
#  - NOTE(review): -m 0 is believed to remove the scrollback limit; on a busy
#    server a bounded value may be safer - confirm against the multitail
#    manual.
window_opts=(-m 0 -n 49)
smtp_filter=(
  -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:"
  -em "qmail-smtpd: "
)
spamd_filter=(-ev "prefork" -ev "(connection from localhost)")

mt_args=(
  # Options given once, ahead of the first window.
  -Z red,black,inverse -T -S -x "%m %u@%h %f (%t) [%l]"
  # qmail-send: delivery results.
  "${window_opts[@]}" -cS qmail-send -l "qmlog -f send"
  # smtp: filtered view.
  "${window_opts[@]}" -cS qmail-smtp "${smtp_filter[@]}" -l "qmlog -f smtp"
  # submission: smtp filter plus spf-reject lines.
  "${window_opts[@]}" -cS qmail-smtp "${smtp_filter[@]}" -em "spf-reject"
  -l "qmlog -f submission"
  # spamd: prefork and localhost-connection lines are dropped.
  "${window_opts[@]}" -cS qmtspamassassin "${spamd_filter[@]}"
  -l "qmlog -f spamd"
  # clamd and sophie: scan results.
  "${window_opts[@]}" -cS clamd -l "qmlog -f clamd"
  "${window_opts[@]}" -cS sophie -l "qmlog -f sophie"
)

multitail "${mt_args[@]}"

A simple script to display smtpd and spamd

# Two-window view: filtered smtp log next to the spamd log, both read through
# `qmlog -f`. The argument list is built in an array so that each window can
# carry its own comment; the resulting argv is the same as the single-command
# form.
#
# Operational notes:
#  - The -cS names must match colorscheme names in /etc/multitail.conf.
#  - Each -l string is a command line that multitail executes; keep these
#    literal and never build them from untrusted input.
#  - -em keeps only lines matching the given patterns and -ev drops matching
#    lines, so neither window shows the complete log.
#  - NOTE(review): -s 2 presumably splits the screen into two columns and
#    -M 5000 sets a default scrollback size, which the per-window -m 0 then
#    appears to override - confirm against the multitail manual.
mt_args=(
  # Options given once, ahead of the first window.
  -s 2 -M 5000 -Z red,black,inverse -T -S -x "%m %u@%h %f (%t) [%l]"
  # smtp: policy, CHKUSER, simscan, rblsmtpd and qmail-smtpd lines only.
  -m 0 -n 49 -cS qmail-smtp
  -em "policy_check" -em "CHKUSER" -em "simscan" -em "rblsmtpd:"
  -em "qmail-smtpd: "
  -l "qmlog -f smtp"
  # spamd: prefork and localhost-connection lines are dropped.
  -m 0 -n 49 -cS qmtspamassassin
  -ev "prefork" -ev "(connection from localhost)"
  -l "qmlog -f spamd"
)

multitail "${mt_args[@]}"